Google stored some business passwords as plain text2019-05-22 18:07 by Daniela
In a blog post today, Google revealed that a bug in an old G Suite tool caused some portion of G Suite users to have their passwords stored in plain text for nearly 14 years, between 2005 and 2019.
The company said that only G Suite enterprise customers were impacted, but not regular Gmail accounts. Google says that it can't find any evidence that anybody's password was improperly accessed. It's resetting any passwords that might be affected and letting G Suite administrators know about the issue.
The problem arose from a now-removed feature in G Suite enterprise accounts. Google had allowed domain administrators to manually set passwords for a company's users so new starters could quickly log into accounts on their first day. But an error when implementing the feature back in 2005 meant the admin console stored a copy of these passwords in plain text.
"To be clear, these passwords remained in our secure encrypted infrastructure," said Google vice president of engineering Suzanne Frey. "This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords."
Read more -here-